08-09-2014, 10:11 AM
IEEE 802.11 Wireless LAN Security Overview
IEEE 802.11 Wireless.pdf (Size: 737.02 KB / Downloads: 206)
Introduction
Wireless Local Area Networks (WLANs) have succeeded in providing wireless network access at acceptable data rates. The Institute of Electrical and Electronics Engineers (IEEE) has set standards and specifications for data communications in wireless environments; IEEE802.11 is the driving technology standard for WLANs [1]. WLANs are deployed as an extension to existing fixed/wired LANs, and because the nature of WLANs differs from that of their wired counterparts, it is important to raise the security of WLANs to a level close or equal to that of wired LANs. In general, IEEE802.11 can operate in two network topology modes, ad hoc and infrastructure. This paper discusses WLANs in infrastructure mode. In the infrastructure topology, wireless stations (STAs) communicate wirelessly with a network access point (AP) that is connected to the wired network; this setup forms a WLAN. The establishment of a connection between an STA and an AP goes through three phases: probing, authentication and association [1]. In the probing phase, the STA either listens passively for AP signals and automatically attempts to join the AP, or actively requests to join an AP. Next is the authentication phase, in which the STA is authenticated by the AP using one of the authentication mechanisms described later in the paper. After authenticating successfully, the STA sends an association request to the AP; when the request is approved, the AP adds the STA to its table of associated wireless devices. An AP can associate many STAs, but an STA can be associated with only one AP at a time. Figure 1 shows the three phases in WLANs.
WLAN Security attacks
There are many security threats and attacks that can compromise the security of WLANs. These attacks can be classified into logical attacks and physical attacks.
Denial of Service attack
Denial of Service (DoS) attacks are a serious threat to both wired and wireless networks. Such an attack aims to disable the availability of the network and the services it provides [5]. In WLANs, DoS can be conducted in several ways, such as interfering with the frequency spectrum using external RF sources, thereby denying access to the WLAN or, at best, allowing access only at lower data rates [3]. Another way is sending failed association messages to the AP, overloading it with connections until it collapses, which in turn prevents other STAs from associating with the AP. Attempts have been made by researchers to overcome such attacks by introducing new network elements such as an Admission Controller (AC) and a Global Monitor (GM) [36].
Default AP configurations
Most APs are shipped with minimal or no security configuration by default, because shipping them with all security features enabled would make usage and operation difficult for ordinary users. The aim of AP suppliers is to deliver high data rate, out-of-the-box installation APs without a sincere commitment to security. Network security administrators should configure these APs according to the organization's security policy [18]. Among the insecure default settings in APs shipped today are default passwords that are weak or blank.
Physical placement of APs
The installation location of APs is another security issue, because placing an AP inappropriately exposes it to physical attacks. Once an attacker finds an AP, it can easily be reset, causing it to revert to its default settings, which are totally insecure. It is therefore very important for network security administrators to choose carefully where APs are mounted.
AP's coverage
The main difference between WLANs and wired/fixed LANs is that WLANs rely on Radio Frequency (RF) signals as the communication medium. The signals broadcast by an AP can propagate outside the perimeter of the room or building in which the AP is placed, allowing users who are not physically in the building to gain access to the network. Attackers use special equipment and sniffing tools to find available WLANs and eavesdrop on live communications while driving a car or roaming around CBD areas. Because RF signals obey no boundaries, attackers outside a building can receive such signals and launch attacks on the WLAN. This kind of attack is called "war driving" [19]. Publicly available tools such as NetStumbler are used for war driving [20]. Hobbyists also chalk buildings to indicate that signals are broadcast from the building and that the WLAN inside can be easily accessed. This marking is called "war chalking". In war chalking, information about the speed of the connection and whether the authentication scheme in use is open or shared key is recorded in the form of special codes agreed upon among war-chalkers. There are many doubts and debates in the wireless network community regarding the legality of war chalking and war driving.
IEEE802.11i
Overview
To address the root causes of the problems in WEP and TKIP, the IEEE specified a new standard that provides enhanced security as well as support for legacy protocols for backward compatibility. IEEE802.11i [22] is based on IEEE802.11 with security enhancements in the MAC layer; it was approved in July 2004. IEEE802.11i raises the level of security shipped with WLAN products such as APs and wireless network interface cards. A specific task group in the IEEE, "Task Group i (TGi)", developed and still updates this standard; the group set out to specify a standard that achieves the most important security goals: authentication, confidentiality and integrity.
Key management
Key management was a major problem in WEP; one of its biggest drawbacks was key abuse through using the same key over and over again. With the help of IEEE802.1x/EAP, a novel key management scheme was developed. This key management scheme can be used with TKIP and with the IEEE802.11i security standard. IEEE802.11i names this key management scheme the "4-way handshake". An overview of key management handling in IEEE802.11i is illustrated in Figure 9. Initially the STA listens passively for AP signals or actively probes for them. The STA then authenticates using the open system authentication method and associates with the AP. Once the association is established, both sides authenticate using IEEE802.1x authentication. The STA and the authentication server (AS) then exchange EAP messages to derive the Pairwise Master Key (PMK). Where no AS exists, the AP and STA share a secret key, the PSK, and the PMK takes the value of the PSK. Next, the 4-way handshake protocol is performed between the STA and the AP to derive and install the PTK and, optionally, the GTK. All of the preceding communication takes place on the 802.1x uncontrolled port, i.e. the 802.1x controlled port remains blocked.
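The key derivation behind the 4-way handshake described above, as an added Python example that is not part of the paper: the PMK in PSK mode, the PTK split into KCK/KEK/TK, then messages 1 and 2 of the handshake with the AP verifying the STA's MIC, which only succeeds when both sides hold the same PMK. It goes beyond the text in using the IEEE802.11i passphrase-to-PSK mapping (PBKDF2-HMAC-SHA1) and the PRF-384 definition from the standard; the SSID, passphrase, MAC addresses and the EAPOL-Key body are constructed placeholders, and messages 3 and 4 (GTK delivery) are omitted.

```python
import hashlib
import hmac
import os

# Constructed sample values (not from the paper): an SSID, a passphrase and two MAC addresses.
SSID = b"ExampleNet"
PASSPHRASE = "correct horse battery staple"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")


def pmk_from_psk(passphrase: str, ssid: bytes) -> bytes:
    """PSK mode: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || i), truncated."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK = PRF-384(PMK, "Pairwise key expansion", min/max of MACs and nonces) -> KCK, KEK, TK."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


def mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Key MIC for CCMP: HMAC-SHA1 keyed with the KCK, truncated to 16 bytes."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def four_way_handshake(ap_passphrase: str, sta_passphrase: str) -> bool:
    """Simulate messages 1-2: AP sends ANonce, STA replies with SNonce + MIC, AP checks the MIC.
    Returns True when the AP accepts the STA, i.e. both sides derived the same PTK."""
    anonce = os.urandom(32)                     # message 1: AP -> STA carries ANonce
    snonce = os.urandom(32)                     # STA picks its own nonce
    sta_ptk = derive_ptk(pmk_from_psk(sta_passphrase, SSID), AP_MAC, STA_MAC, anonce, snonce)
    msg2 = b"EAPOL-Key:" + snonce               # constructed stand-in for the EAPOL-Key body
    sta_mic = mic(sta_ptk["KCK"], msg2)         # message 2: STA -> AP carries SNonce + MIC
    ap_ptk = derive_ptk(pmk_from_psk(ap_passphrase, SSID), AP_MAC, STA_MAC, anonce, snonce)
    return hmac.compare_digest(mic(ap_ptk["KCK"], msg2), sta_mic)
```

The PMK never crosses the air: each side derives it independently, and the MIC on message 2 is how the AP learns, without seeing the key, that the STA holds the same PMK.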
Other services
IEEE802.11i optionally supports TKIP to provide backward compatibility with legacy systems and with systems that lack AES hardware support. TKIP keys are obtained from the PTK and GTK, 128 bits at minimum, so TKIP also benefits from the new key management scheme.
Conclusion
IEEE802.11 was initially designed to interconnect wireless devices with wired networks; the aim was to achieve networking with minimal or no security. Security was not an important issue at that stage; however, with the success of WLANs and the fast adoption of this technology, security became important and achieving it became a primary concern. The Wired Equivalent Privacy (WEP) security protocol was the first to be adopted in an attempt to satisfy the need for securing wireless networks, but WEP soon proved vulnerable and there was demand for a better security protocol. Industry had already invested in wireless devices, so any new protocol had to take the hardware capabilities of those devices into account. TKIP came into the picture with the promise of better security on the same hardware; a software upgrade is what made TKIP more secure than WEP. However, the core encryption algorithm is still the same weak RC4 stream cipher, and with this encryption algorithm and the design flaws it carries, TKIP is believed to be a short-lived solution. The IEEE recognized the need for a new protocol that is more secure and longer lasting, and finally answered the call by working on a new security standard, IEEE802.11i. The standard was approved in June 2004. This new standard specifies new security protocols, introduces the adoption of a strong block encryption algorithm, the Advanced Encryption Standard (AES), and also introduces a new key management scheme. Attacks on privacy, integrity and authentication can be overcome by IEEE802.11i.